package com.roger.springcloudGreenwich.oauth.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import java.util.Random;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    @Override
    protected void configure(AuthenticationManagerBuilder builder) throws Exception {
        System.out.println("认证----");
        builder.inMemoryAuthentication().withUser("cs_user").password("{noop}123456").roles("USER")
        .and().withUser("admin").password("{noop}admin").roles("ADMIN");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        System.out.println("授权----");
        http.csrf().disable().httpBasic();
        //get请求下的/api/users/全部放行
        http.authorizeRequests()
                .mvcMatchers(HttpMethod.GET,"/api/users/*").permitAll()
        .mvcMatchers(HttpMethod.POST, "/api/users/*").hasRole("ADMIN")
        .anyRequest().authenticated();
    }

    public static void main(String[] args) {
        Random r = new Random();
        int i = r.nextInt(100);
        System.out.println(i);

        String ids = ",304,309,352,339";
        System.out.println(ids.substring(1));

        String[] ss = {"1"};
        System.out.println(ss[8]);

    }
}
